Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Virenfunde durch MBAM

Virenfunde durch MBAM


Log-Analyse und Auswertung: Virenfunde durch MBAM

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.03.2014, 14:02   #1
juhu73
 
Virenfunde durch MBAM - Standard

Virenfunde durch MBAM


Hallo,
MBAM hat bei mir 5 Funde angezeigt. Ich habe sie entfernen lassen.
Kann jemand trotzdem mal drüberschauen.

Mbam:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.03.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hubert :: HUBERT-PC [Administrator]

03.03.2014 10:10:28
MBAM-log-2014-03-03 (12-21-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403574
Laufzeit: 2 Stunde(n), 9 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\Typelib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F} (PUP.Optional.GetNow.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967} (PUP.Optional.GetNow.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
K:\$RECYCLE.BIN\S-1-5-21-4285553767-1374707740-3178024607-1000\$RX6K8MW.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.
K:\$RECYCLE.BIN\S-1-5-21-4285553767-1374707740-3178024607-1000\$R8F68LU.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.
K:\$RECYCLE.BIN\S-1-5-21-4285553767-1374707740-3178024607-1000\$RU1DYP6.exe (PUP.Optional.LiveSoftAction.A) -> Keine Aktion durchgeführt.

(Ende)
defogger_disable.log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:09 on 03/03/2014 (Hubert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt (additions.txt ist nicht vorhanden !)
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by Hubert (administrator) on HUBERT-PC on 03-03-2014 13:11:18
Running from K:\Hubert\Eigene Dokumente\PC - dies und das\FRST
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Windows\system32\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mirko Böer) C:\Program Files\SSS\SimpleScreenshot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILPE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Acronis) C:\Program Files\Acronis\DriveMonitor\adm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [192000 2009-08-19] (Wistron)
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2009-08-05] (Wistron Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495728 2009-10-24] (IDT, Inc.)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [3342336 2009-11-12] (Sentelic Corporation)
HKLM\...\Run: [adm_tray.exe] - C:\Program Files\Acronis\DriveMonitor\adm_tray.exe [533808 2010-06-04] (Acronis)
HKLM\...\Run: [SimpleScreenshot] - C:\Program Files\SSS\SimpleScreenshot.exe [2255360 2011-07-12] (Mirko Böer)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILPE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Hubert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: QTTabBar AutoLoader - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} -  No File
Toolbar: HKLM - No Name - !{d2bf470e-ed1c-487f-a666-2bd8835eb6ce} -  No File
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hubert\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CsFire - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\csfire@cs.kuleuven.be [2012-08-25]
FF Extension: GoogleSharing - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\googlesharing@extension.thoughtcrime.org [2011-07-05]
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-06-06]
FF Extension: WOT - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2010-05-06]
FF Extension: DownloadHelper - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-02]
FF Extension: Inline Translator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\itrans@tenshi.xpi [2011-08-14]
FF Extension: PDF Download - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2011-11-04]
FF Extension: Tab Control - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{39952c40-5197-11da-8cd6-0800200c9a66}.xpi [2011-04-07]
FF Extension: NoScript - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-15]
FF Extension: ImTranslator - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-04-10]
FF Extension: Adblock Plus - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: BetterPrivacy - C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-04-22]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (Google Drive) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (WOT) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-14]
CHR Extension: (YouTube) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Adblock Plus) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-11]
CHR Extension: (Google-Suche) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (backgroundPage) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-12-10]
CHR Extension: (avast! Online Security) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-10]
CHR Extension: (Tabs to the front!) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2013-12-10]
CHR Extension: (Window Close Protector) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Google Mail) - C:\Users\Hubert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-21]

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [661072 2009-10-31] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-01-22] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
S4 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-07-27] ()
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2009-10-24] (IDT, Inc.)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-02] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-07] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] ()
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-06-14] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-03] (Malwarebytes Corporation)
S3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1488096 2009-07-30] (NXP Semiconductors Germany GmbH)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [911680 2010-01-22] (Acronis)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Hubert\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S2 HWiNFO32; \??\F:\Progs\hwinfo32\HWiNFO32.SYS [X]
S3 StarOpen; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 10:09 - 2014-03-03 10:10 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-02 13:20 - 2014-03-02 13:20 - 00000000 ____D () C:\Users\Hubert\AppData\Local\PDF24
2014-03-02 10:45 - 2014-03-02 10:46 - 00000000 ____D () C:\Program Files\PDF24
2014-03-02 10:45 - 2014-03-02 10:45 - 00001827 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-01 09:48 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-19 16:42 - 2014-02-19 16:42 - 00000962 _____ () C:\Users\Hubert\Desktop\EPSON Scan.lnk
2014-02-18 15:25 - 2014-03-03 12:25 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-02-18 15:25 - 2014-03-03 12:25 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-02-18 15:25 - 2014-02-18 15:25 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-02-18 15:22 - 2014-02-18 15:22 - 00000000 ____D () C:\Program Files\EpsonNet
2014-02-18 15:22 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2014-02-18 15:22 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2014-02-18 15:22 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2014-02-18 15:22 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2014-02-18 15:22 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2014-02-18 15:22 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2014-02-18 15:14 - 2014-02-19 14:24 - 00000000 ____D () C:\Program Files\EPSON Software
2014-02-18 15:13 - 2014-02-18 15:13 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-02-18 15:13 - 2012-07-24 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll
2014-02-18 15:13 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
2014-02-18 15:10 - 2013-10-22 04:04 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLMBLPE.DLL
2014-02-18 15:10 - 2011-03-15 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BLPE.DLL
2014-02-18 15:10 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2014-02-18 14:46 - 2014-02-19 14:26 - 00000000 ____D () C:\ProgramData\Epson
2014-02-15 15:06 - 2014-02-15 15:06 - 00001426 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-02-15 14:44 - 2014-02-15 15:06 - 00000000 ____D () C:\Program Files\LibreOffice 4
2014-02-15 10:24 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 10:24 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 10:24 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 10:24 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 10:24 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 10:24 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 10:24 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 10:24 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 10:24 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 10:24 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 10:24 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 10:24 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-15 10:24 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 10:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 10:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-15 10:20 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 10:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 10:20 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 10:20 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 10:20 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 10:20 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 10:20 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 10:20 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 10:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 13:02 - 2014-02-15 15:03 - 00000000 ____D () C:\Program Files\LibreOffice 4.0
2014-02-05 14:16 - 2014-02-05 14:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-03 17:46 - 2014-02-03 18:19 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-03 17:36 - 2014-02-03 17:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUBERT-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-02-03 17:35 - 2014-02-03 17:35 - 00000000 ____D () C:\RegBackup
2014-02-03 17:13 - 2014-02-03 17:13 - 00003288 ____N () C:\bootsqm.dat
2014-02-03 17:13 - 2014-02-03 17:13 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

2014-03-03 13:11 - 2014-01-29 18:29 - 00000000 ____D () C:\FRST
2014-03-03 13:10 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 13:10 - 2009-07-14 05:34 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 13:09 - 2009-11-06 04:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 13:06 - 2010-01-24 18:08 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\EPSON
2014-03-03 13:05 - 2010-02-14 16:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 13:04 - 2013-11-30 12:29 - 00000000 ____D () C:\Windows\de
2014-03-03 13:04 - 2013-08-22 15:39 - 00285528 _____ () C:\Windows\PFRO.log
2014-03-03 13:04 - 2013-07-10 12:42 - 00015526 _____ () C:\Windows\setupact.log
2014-03-03 13:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 13:03 - 2010-01-21 14:40 - 02050694 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 12:36 - 2010-02-14 16:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 12:25 - 2014-02-18 15:25 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-710 Series Update {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-03-03 12:25 - 2014-02-18 15:25 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-710 Series Invitation {B3A05D5E-0816-4D39-BC7D-04A0F78A3960}.job
2014-03-03 10:10 - 2014-03-03 10:09 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-02 13:20 - 2014-03-02 13:20 - 00000000 ____D () C:\Users\Hubert\AppData\Local\PDF24
2014-03-02 10:46 - 2014-03-02 10:45 - 00000000 ____D () C:\Program Files\PDF24
2014-03-02 10:45 - 2014-03-02 10:45 - 00001827 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-03-01 09:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-22 10:32 - 2013-12-10 14:48 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-19 16:49 - 2010-01-21 14:46 - 00000000 ____D () C:\Users\Hubert
2014-02-19 16:42 - 2014-02-19 16:42 - 00000962 _____ () C:\Users\Hubert\Desktop\EPSON Scan.lnk
2014-02-19 14:26 - 2014-02-18 14:46 - 00000000 ____D () C:\ProgramData\Epson
2014-02-19 14:24 - 2014-02-18 15:14 - 00000000 ____D () C:\Program Files\EPSON Software
2014-02-19 14:24 - 2009-11-06 07:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-18 15:25 - 2014-02-18 15:25 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-02-18 15:22 - 2014-02-18 15:22 - 00000000 ____D () C:\Program Files\EpsonNet
2014-02-18 15:13 - 2014-02-18 15:13 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-02-18 15:13 - 2010-01-24 17:26 - 00000000 ____D () C:\Program Files\epson
2014-02-18 15:13 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2014-02-18 15:05 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-18 13:05 - 2013-10-25 18:33 - 00000000 ____D () C:\Program Files\Brother
2014-02-18 13:02 - 2013-10-25 18:34 - 00000000 ____D () C:\Program Files\ControlCenter4
2014-02-15 15:11 - 2010-01-21 16:18 - 00121040 _____ () C:\Users\Hubert\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 15:09 - 2009-07-14 05:33 - 00445376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-15 15:06 - 2014-02-15 15:06 - 00001426 _____ () C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2014-02-15 15:06 - 2014-02-15 14:44 - 00000000 ____D () C:\Program Files\LibreOffice 4
2014-02-15 15:03 - 2014-02-08 13:02 - 00000000 ____D () C:\Program Files\LibreOffice 4.0
2014-02-15 12:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-15 10:28 - 2013-07-12 13:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 10:28 - 2009-11-06 09:23 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-08 13:06 - 2011-12-06 10:16 - 00000000 ____D () C:\Users\Hubert\AppData\Roaming\LibreOffice
2014-02-08 13:05 - 2013-04-09 11:51 - 00000000 ____D () C:\Program Files\LibreOffice 3.5
2014-02-08 12:57 - 2009-07-14 09:57 - 00000000 ____D () C:\Windows\ShellNew
2014-02-05 18:39 - 2009-11-06 08:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-05 18:32 - 2009-11-06 09:09 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-05 14:16 - 2014-02-05 14:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-05 14:04 - 2013-12-12 10:14 - 00000000 ____D () C:\Users\Hubert\AppData\Local\Thunderbird
2014-02-05 09:58 - 2014-02-15 10:24 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-15 10:24 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-15 10:24 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-15 10:24 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-15 10:24 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-15 10:24 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-15 10:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-15 10:24 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-15 10:24 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-15 10:24 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-15 10:24 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-15 10:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-15 10:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-15 10:24 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-15 10:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-15 10:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-03 18:19 - 2014-02-03 17:46 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-03 17:36 - 2014-02-03 17:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUBERT-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-02-03 17:35 - 2014-02-03 17:35 - 00000000 ____D () C:\RegBackup
2014-02-03 17:13 - 2014-02-03 17:13 - 00003288 ____N () C:\bootsqm.dat
2014-02-03 17:13 - 2014-02-03 17:13 - 00000000 __SHD () C:\found.000
2014-02-03 14:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-03 10:08 - 2013-10-29 15:24 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-02-02 10:24 - 2011-07-26 15:13 - 00002051 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-02 10:23 - 2014-01-07 17:31 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-02 10:23 - 2011-07-26 15:13 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-02 10:23 - 2011-07-26 15:13 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-02-02 10:23 - 2011-07-26 15:13 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-02 10:23 - 2011-07-26 15:12 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-02 10:23 - 2011-07-26 15:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

Some content of TEMP:
====================
C:\Users\Hubert\AppData\Local\temp\4bdqfg5k.dll
C:\Users\Hubert\AppData\Local\temp\4vuvkusm.dll
C:\Users\Hubert\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Hubert\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Hubert\AppData\Local\temp\Quarantine.exe
C:\Users\Hubert\AppData\Local\temp\_is1FB1.exe
C:\Users\Hubert\AppData\Local\temp\_is2963.exe
C:\Users\Hubert\AppData\Local\temp\_is2AC7.exe
C:\Users\Hubert\AppData\Local\temp\_is30FF.exe
C:\Users\Hubert\AppData\Local\temp\_is3B99.exe
C:\Users\Hubert\AppData\Local\temp\_is4342.exe
C:\Users\Hubert\AppData\Local\temp\_is4A81.exe
C:\Users\Hubert\AppData\Local\temp\_is4AB6.exe
C:\Users\Hubert\AppData\Local\temp\_is5311.exe
C:\Users\Hubert\AppData\Local\temp\_is6A37.exe
C:\Users\Hubert\AppData\Local\temp\_is88B0.exe
C:\Users\Hubert\AppData\Local\temp\_is89CA.exe
C:\Users\Hubert\AppData\Local\temp\_is8D53.exe
C:\Users\Hubert\AppData\Local\temp\_is9A3.exe
C:\Users\Hubert\AppData\Local\temp\_is9AE6.exe
C:\Users\Hubert\AppData\Local\temp\_isA923.exe
C:\Users\Hubert\AppData\Local\temp\_isAA83.exe
C:\Users\Hubert\AppData\Local\temp\_isBEBC.exe
C:\Users\Hubert\AppData\Local\temp\_isD03A.exe
C:\Users\Hubert\AppData\Local\temp\_isD4FC.exe
C:\Users\Hubert\AppData\Local\temp\_isD924.exe
C:\Users\Hubert\AppData\Local\temp\_isE3C9.exe
C:\Users\Hubert\AppData\Local\temp\_isEA6E.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-21 18:42

==================== End Of Log ============================
Gmer.log:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-03 13:37:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Hubert\AppData\Local\Temp\uwrirpow.sys


---- System - GMER 2.1 ----

SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwAddBootEntry [0x9102AACC]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwAssignProcessToJobObject [0x9102B5AA]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateEvent [0x91037692]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateEventPair [0x910376DE]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateIoCompletion [0x91037878]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateMutant [0x91037600]
SSDT            \??\C:\Windows\system32\drivers\aswSP.sys                                                                               ZwCreateSection [0x910E1426]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateSemaphore [0x91037648]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateThread [0x9102BAE0]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateThreadEx [0x9102BCFC]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwCreateTimer [0x91037832]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwDebugActiveProcess [0x9102C398]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwDeleteBootEntry [0x9102AB32]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwDuplicateObject [0x9102FBE4]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwLoadDriver [0x9102A71E]
SSDT            \??\C:\Windows\system32\drivers\aswSP.sys                                                                               ZwMapViewOfSection [0x910E1506]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwModifyBootEntry [0x9102AB98]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwNotifyChangeKey [0x9102FFDA]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwNotifyChangeMultipleKeys [0x9102CEDE]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenEvent [0x910376BC]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenEventPair [0x91037700]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenIoCompletion [0x9103789C]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenMutant [0x91037626]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenProcess [0x9102F4DE]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenSection [0x910377B0]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenSemaphore [0x91037670]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenThread [0x9102F8C6]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwOpenTimer [0x91037856]
SSDT            \??\C:\Windows\system32\drivers\aswSP.sys                                                                               ZwProtectVirtualMemory [0x910E12AA]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwQueryObject [0x9102CCF4]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwQueueApcThreadEx [0x9102CA02]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwSetBootEntryOrder [0x9102ABFE]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwSetBootOptions [0x9102AC64]
SSDT            \??\C:\Windows\system32\drivers\aswSP.sys                                                                               ZwSetContextThread [0x910E1602]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwSetSystemInformation [0x9102A7B8]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwSetSystemPowerState [0x9102A98A]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwShutdownSystem [0x9102A918]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwSuspendProcess [0x9102C562]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwSuspendThread [0x9102C6C4]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwSystemDebugControl [0x9102AA12]
SSDT            \??\C:\Windows\system32\drivers\aswSP.sys                                                                               ZwTerminateProcess [0x910E1378]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwTerminateThread [0x9102C1F2]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwVdmControl [0x9102ACCA]
SSDT            \??\C:\Windows\system32\drivers\aswSnx.sys                                                                              ZwWriteVirtualMemory [0x9102B606]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                82E86A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82EC0212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                     82EC7460 4 Bytes  [CC, AA, 02, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                     82EC74E8 4 Bytes  [AA, B5, 02, 91] {STOSB ; MOV CH, 0x2; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                     82EC753C 8 Bytes  [92, 76, 03, 91, DE, 76, 03, ...] {XCHG EDX, EAX; JBE 0x6; XCHG ECX, EAX; FIDIV WORD [ESI+0x3]; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                     82EC7548 4 Bytes  [78, 78, 03, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                     82EC7564 4 Bytes  [00, 76, 03, 91] {ADD [ESI+0x3], DH; XCHG ECX, EAX}
.text           ...                                                                                                                     
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                             830824DF 4 Bytes  CALL 9102D5C5 \??\C:\Windows\system32\drivers\aswSnx.sys
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                            8309C347 4 Bytes  CALL 9102D5DB \??\C:\Windows\system32\drivers\aswSnx.sys
?               System32\drivers\vscu.sys                                                                                               Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\EPSON Software\Event Manager\EEventManager.exe[256] kernel32.dll!GetBinaryTypeW + 70                   770969E4 1 Byte  [62]
.text           C:\Windows\servicing\TrustedInstaller.exe[608] kernel32.dll!GetBinaryTypeW + 70                                         770969E4 1 Byte  [62]
.text           C:\Windows\system32\EscSvc.exe[616] kernel32.dll!GetBinaryTypeW + 70                                                    770969E4 1 Byte  [62]
.text           C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[620] kernel32.dll!GetBinaryTypeW + 70                770969E4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[748] kernel32.dll!GetBinaryTypeW + 70                                                     770969E4 1 Byte  [62]
.text           ...                                                                                                                     
.text           C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHCreateShellFolderView + EB7                                                 7606176E 5 Bytes  JMP 65F91890 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHCreateDefaultExtractIcon + 7B28                                             760A3C11 5 Bytes  JMP 65F91920 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHFileOperation + F970                                                        7629AC19 5 Bytes  JMP 65F91B20 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3396] SHELL32.dll!SHLoadInProc + 22474                                                          762E7B1C 5 Bytes  JMP 65F91A40 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3396] ole32.dll!RegisterDragDrop                                                                757BE924 5 Bytes  JMP 65F91620 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Windows\Explorer.EXE[3396] ole32.dll!CoCreateInstance                                                                757E9D0B 5 Bytes  JMP 65F915C0 C:\Program Files\QTTabBar\QTHookLib32.dll
.text           C:\Program Files\Acronis\DriveMonitor\adm_tray.exe[3404] kernel32.dll!GetBinaryTypeW + 70                               770969E4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3536] kernel32.dll!GetBinaryTypeW + 70                                                  770969E4 1 Byte  [62]
.text           C:\Program Files\FSP\FspUip.exe[3576] kernel32.dll!GetBinaryTypeW + 70                                                  770969E4 1 Byte  [62]
.text           C:\Program Files\Launch Manager\WisLMSvc.exe[3720] kernel32.dll!GetBinaryTypeW + 70                                     770969E4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3804] kernel32.dll!GetBinaryTypeW + 70                                                  770969E4 1 Byte  [62]
.text           ...                                                                                                                     

---- Devices - GMER 2.1 ----

Device                                                                                                                                  Ntfs.sys

AttachedDevice                                                                                                                          tdrpm258.sys

Device                                                                                                                                  volmgr.sys

AttachedDevice                                                                                                                          fltmgr.sys

Device                                                                                                                                  iaStor.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\XP-710 Series(Netzwerk)@ChangeID                       156250
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{00D40C5D-2089-11E0-992C-806E6F6E6963}  6449980912
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{54465A87-2089-11E0-9542-B833ABCC903B}  73749504

---- EOF - GMER 2.1 ----
Für Eure Hilfe, danke im Voraus

Alt 03.03.2014, 14:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Virenfunde durch MBAM - Standard

Virenfunde durch MBAM


Hi,

sieht gut aus. Probleme mit dem Rechner?
__________________

__________________
Alt 03.03.2014, 16:32   #3
juhu73
 
Virenfunde durch MBAM - Standard

Virenfunde durch MBAM


Danke für die schnelle Antwort,
Bis jetzt keine Auffälligkeiten
__________________
Alt 04.03.2014, 12:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Virenfunde durch MBAM - Standard

Virenfunde durch MBAM


Dann ist der Rechner sauber, waren nur die paar Funde von MBAM
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.03.2014, 14:24   #5
juhu73
 
Virenfunde durch MBAM - Standard

Virenfunde durch MBAM


Guter Abschluss, danke.


Alt 05.03.2014, 12:23   #6
schrauber
/// the machine
/// TB-Ausbilder
 
Virenfunde durch MBAM - Standard

Virenfunde durch MBAM


Gern Geschehen
__________________
--> Virenfunde durch MBAM

Antwort

Themen zu Virenfunde durch MBAM
administrator, antivirus, avast, browser, cyberghost, desktop, download, entfernen, explorer, harddisk, helper, home, homepage, installation, launch, mozilla, netzwerk, pdf, registry, scan, secunia psi, security, services.exe, software, superantispyware, svchost.exe, temp, tracker, winlogon.exe


« Windows Vista 32Bit Interpol-Trojaner, Österr. | Funde mit MAMB, PriceGong »


Ähnliche Themen: Virenfunde durch MBAM


  1. Super langsamer Win8-PC durch lauter Adware etc... ~400 MBAM-Funde!
    Log-Analyse und Auswertung - 04.03.2016 (23)
  2. Virenfunde auf meinem Laptop
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (13)
  3. Avira, MBAM - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 25.06.2014 (17)
  4. Avira Antivir und MBAM werden durch Gruppenrichtlinien blockiert und lassen sich dadurch nicht starten
    Log-Analyse und Auswertung - 04.06.2014 (10)
  5. Vista: Viele Funde durch MBAM, Zugangsprobleme Internet, PC langsam
    Log-Analyse und Auswertung - 04.03.2014 (11)
  6. Windows 7: Wiederholte Funde bösartiger Software durch MBAM
    Log-Analyse und Auswertung - 09.02.2014 (7)
  7. Spyware.Password und Heuristic.Reserved.Word.Exploit durch MBAM gefunden
    Log-Analyse und Auswertung - 31.01.2014 (9)
  8. Windows 8.1: evtl. BKA-Virus und Funde durch MBAM
    Log-Analyse und Auswertung - 20.12.2013 (13)
  9. PUP.Optional.Opencandy: 3 Virenfunde durch Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 07.12.2013 (6)
  10. Dualboot XP/Vista; MBAM-Fund, Dateien verschwinden & tauchen wieder auf, 1 MBAM-log weg
    Log-Analyse und Auswertung - 24.10.2013 (9)
  11. Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM
    Log-Analyse und Auswertung - 13.01.2013 (20)
  12. Trojan.FakeFireFox durch mbam in Quarantäne und in AntiVir werden versteckte Objekte gemeldet
    Log-Analyse und Auswertung - 10.07.2012 (5)
  13. outgoing Verbindung geblockt durch Mbam
    Log-Analyse und Auswertung - 17.06.2012 (1)
  14. Bluescreen durch Flashplayer; Malwarefund durch MBAM
    Plagegeister aller Art und deren Bekämpfung - 19.01.2012 (11)
  15. Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM
    Log-Analyse und Auswertung - 01.09.2011 (31)
  16. Trojaner, Fehlermeldungen und Virenfunde!
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (7)
  17. Regelmäßige Virenfunde
    Log-Analyse und Auswertung - 27.11.2010 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virenfunde durch MBAM - Hallo, MBAM hat bei mir 5 Funde angezeigt. Ich habe sie entfernen lassen. Kann jemand trotzdem mal drüberschauen. Mbam: Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: - Virenfunde durch MBAM...
Archiv
Du betrachtest: Virenfunde durch MBAM auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131